Category Archives: Computing

Those of using Steam probably already know about Steamcloud, the service which automatically backs up the saves for certain games. The problem is a lot of games that don’t support this and probably never will. So I did some digging around online and managed to figure out how to set up a system to do this for you. It’s fairly easy to get working and once you’ve set it up for a game you don’t need to worry about it again.

The first step is to install a file backup/sharing utility. There’s quite a few available, but I’ll be using Dropboxfor this guide since that’s what I’m already using.

Once you’ve got this set up you then need to find where your saved games are held for each game. For some it might be a single file called “Been.sav” or “data.sav” (if it ends in .sav it’s probably a save file). Or it might be a large number of files and folders, all within another folder called “Save”. You can back them up regardless, but there’s slightly different steps for each type.

Either case you’ll want to copy the save file(s) somewhere into your Dropbox folder. Then open up a command prompt (Start menu, then “run” and type “cmd”) and do one of the following steps for each computer you’re using.

Single save file:

For single files you’ll be using a little utility called “fsutil”. This comes pre-installed on Windows XP (and Windows Vista and 7 as far as I can tell) so you don’t need to install anything extra to get it working. What you need to do is type the following command into the command prompt, swapping in the location you want to store the save file, and the location that the original file was held at. You need to make sure you remove the save file from the original location (make sure you’ve backed it up first!).

C:\>fsutil hardlink create "new location" "old location"

For example, to move my Sonic 3 saved file to my Dropbox folder, I would type out something like this:

As you can see, the files don’t have to share the same name. Now both of these files actually refer to the same file, it just has 2 different names and locations. Practice with a few .txt files if you want some practice before just diving into moving and deleting your saved games.

Save folder:

As far as I can tell, there’s no built-in program for doing this in Windows XP, so you’ll need to get a (free) program called “Junction” which is available from Microsoft (There is a built-in version for Windows Vista/7, but I’ll say why I’m not using that later). Using Junction isn’t much more difficult than using fsutil, except you have to first navigate to wherever you’ve stored the Junction program. The easiest way to do this is to copy to your main C:\ drive, then type “cd\” into the command prompt. To set up the link between the folders though, you type the following

C:\>junction "new location" "original location"

So if I wanted to back up my Baldur’s Gate saved games folder I’ll type something like this

And that’s that. Just like when you’re backing up a single save file, it doesn’t matter if you name the directories anything different.

mklink for Windows Vista/7:

If you’re using Windows Vista/7 there’s a built-in program you can use called mklink. This does the same thing as junction, only you don’t have to go to the same folder every time you want to use it. However, it doesn’t let you run it on an administrator’s account, so you have to create another user account with the ability to create symbolic links. That makes it a bit too lengthy to cram into this post, but if you’d like to check it out you can follow these links to find out about mklink and how to get it working.

There’s lots of reasons why you might want to keep your files secured and hidden away. Maybe you have some personal information that you don’t want everyone else using the PC to find. Maybe you live in a country with a highly oppressive regime which doesn’t allow you to have much personal privacy. You might just not like the idea of every member of airport security being able to access your laptop and all files on request. Or maybe you just really don’t want anyone to find your porn folder.

There’s a couple of different topics to cover here, but this post is going to focus on password protecting and hiding your files.

The main tool you’re going to want to use for protecting and hiding your files is a little program called TrueCrypt. Using this program you can create an archive of any size, with any filename and put it anywhere on your hard drive that you’d like. Accessing the archive is simply a case of finding the file within the folder, then entering the password. After that it appears on your system as another hard drive or USB drive.

The file itself contained no references leading back to TrueCrypt, and TrueCrypt keeps no records on which files its protecting. So basically unless you know exactly where a file is already, you’re not going to find it. This also means that if TrueCrypt is not installed, or kept on a separate USB stick, then there’s generally no indication that it’s being used.

Even saying that, it’s still a good idea to be creative when naming the file and thinking where to put it. Is anyone really going to notice an extra font file in the Windows folder for instance? How about a similarly named data file in a games folder that’s indistinguishable from the others? Obviously where it can be hidden well depends a lot on the file size. A font file 20gb in size might raise a few eyebrows, but a number of 2gb files in a game’s texture folder named “2fortObjects.dat” won’t draw too much attention.

Another handy feature is that you can actually create 2 passwords for any TrueCrypt file. One opens up the data you actually want to secure, while the other brings up an entirely different set of files. If you want to get really sneaky then you can always hide the files you want secured within another archive within the this hidden folder. You can repeat this a number of times if you like, but after a point its so hidden that the only way someone could get that deep is if they already have your passwords.

All in all, this is probably one of the most secure ways to hide and protect your files, and since its free and has some pretty detailed documentation its quite easy to figure out how to get started with.

Back in 1980 John Searle wrote an essay on Artificial Intelligence on a concept he called “The Chinese Room”. This essay was written a criticism of the Turing test as the De facto test for machine intelligence and brings into question whether something can truly be considered intelligent if it appears to be so to the outside world.

The concept goes like this: Imagine yourself or another person with no knowledge of the Chinese language is placed in a windowless room with the walls covered in papers with Chinese writing on them (appearing as meaningless squiggles to anyone who doesn’t know better). They’re given a book that explains, in English, that papers will be posted under the door with Chinese characters written on them, then by consulting the rules laid out in the book and the papers on the wall they write some more Chinese characters on the paper and post it back through. To anyone on the outside it would seem like the person inside the room can understand Chinese perfectly well, despite them not knowing a single word. Taking this analogy further if time were somehow sped up inside the room then the responses could come back instantly, perhaps even being verbally returned rather than physically returned. In the field of Artificial Intelligence this would be a machine, perhaps one human in appearance who responds to forms off interaction verbally, physically and emotionally in a way that would not be distinguishable from a real living human. But ultimately it’s still a machine that’s only responding according to the way it’s programmed. Even if some of ways it would respond are randomised to give it more of a personality, perhaps responding more aggressively or even hesitating on certain subjects, it’s still just a machine. Even if it were to further develop it’s own programming too handle new situations out would be doing ask based on the algorithms it was originally designed with. So the question becomes where do you draw the line between a very well programmed machine and actual intelligence?

Let’s try another angle. Suppose someone suffers from an accident in later life and has to relearn how to perform basic actions and social interaction based on a set of rules to ensure they’re responding correctly. Can they no longer be considered intelligent, or even human, just because they’re following a set of rules on how to behave? When you think about it, apart from the accident, this isn’t too different from how a lot of us behave anyway. We all decide how to act based on the situation we’re in and who we’re with at the time. And we generally act differently at work compared to when we’re at home or with a close group of friends. The line may be hard to narrow down, but when it gets to the point where something appears intelligent to every form of perception I’d say there’s little reason why it shouldn’t actually be placed on the same side of the lines as ourselves.

This is a subject that’s popped up fairly often in fiction, although it’s rarely referred to by name. The idea of a machine that wants to be human has become quite the popular trope and has appeared in Isaac Asimov’s novella and short story “The bicentennial man” which tells the story of a robot which fights for the right to be recognised as human. More recently there’s the reimagining of Battlestar Galactica and constant prejudice against the Cylons who aren’t considered by the humans no matter how human they appear. On a slightly different note there’s Peter Watts novel “Blindsight” which is high Sci-Fi story about aliens, spaceships, vampires and intelligence told from the perspective of a man who had half his brain removed and is himself a sort of Chinese room.

Let’s talk about backing up files. When I was growing up with a 56k modem and small hard drives (I think I got up to 60GB at one point) this seemed to involve taking all the big files I had, TV shows, music, Starcraft mods, etc. and burning them onto CDs. Anyone who actually works with secure data and data backups is probably cringing at this, and for good reason too. Backups are not supposed to involve clearing off your hard drive by moving off files that are too big and not likely to be used for a long time. That’s just freeing up space and in no way does it make your data “backed up”. What I should have done is focus on the files that I used regularly or couldn’t easily replace. Even on a 56k modem that large Starcraft mod is still just a download away.

So after losing numerous saved games, important documents and university assignments I’ve finally learnt how to keep my stuff backed up fairly safely. Coincidentally the same method also lets me share files with people fairly easily too. It’s called Dropbox. In short, it’s a program that lets you create a folder on your hard drive, and any other files or folders you drop into it will automatically be uploaded to their servers. You can then access these from the web interface or, if you have a second computer, they will updated on any other machines that you have it installed upon. So you don’t need to remember to copy that one file onto a USB stick before you take your laptop to uni, you just need to have access to the web. Since switching over I just do all my work out of one of the folders within my Dropbox one and leave music, TV shows or whatever on the hard drive. If I know I can get it again easily enough without too much effort then I’m not too fussed about making it all that difficult for me to lose it. And since the sharing tools are built-in to the interface it’s fairly easy to just share an entire folder with anyone else who’s using it. It’s quite a bit cheaper too.

This may be starting a bit like I’m trying to hawk their software, but frankly I’m a little tired of hearing about people complain about losing saved progress/work when they don’t do a damn thing to prevent it. These things are so simple to use now that there’s really little excuse. It automatically backs up, automatically uploads and downloads files and keeps a history of any files edited recently so you can roll back if you accidentally delete the wrong folder. I wouldn’t really recommend paying for it though unless you have a LOT of files that you need synced across several machines or shared amongst your friends/colleagues. You’d do a lot better with a service like Carbonite which backs up your entire machine, then installing Dropbox on top of it to sync/share just the files you really want to. It’s cheaper too.

There’s another little trick I discovered a few months back too, which I mainly used to let me sync saved games for my Steam games that don’t already take advantage of Steamcloud. It involves creating dynamic links to either the files or folders in question, but I can’t easily explain how to do that while typing from a phone. It really needs accompanying screenshots and a few copy&pasted commands for the command prompt. That’ll be a post for another day, when I finally get internet access back up at home (just got an email from Sky saying it’s won’t happen until the 11th now!).

There’s other programs out there, such as Evernote and even Google Docs, but they just don’t have the same ease of use when it Congress to blending in to the system you’re using.

Oh, one other thing that Dropbox do is let you increase how much space you have, regardless of whether you pay for it or not. All you have to do is get other people to sign up for it using a referral link or email. It’s 250MB each for a grand total of 8GB for a free account. So to take advantage of the link whoring that everyone else who uses this product does, I’ve included my own referral link below. If you do sign up, please use it. You get an additional 250MB for your own account too.

With all recent reports of company servers being hacked and usernames/passwords of their customers being released into the wild the topic of security has been on my mind a lot lately, particularly passwords. I’ve read a number of articles over the years on how to create secure, easy to remember passwords and I’m going to do my best to sum up all that work together in one place. I’m going to try to keep this non-technical where I can, although I’ll include links for anyone who wants to read up on a topic some more.

Words

The first topic to cover is using words for your password, namely don’t. Sure you can use them in certain cases, which I’ll explain later, but the general rule is not to use them. One of the first techniques people use to guess your password is a method known as a dictionary attack, which is when a hacker runs through every word that you’d find in your average English dictionary to see if you’re using it as your password. These attacks also typically include the names of people, films, books, songs or anything else you might encounter during day-to-day life. In short, don’t use them. This type of attack typically takes a matter seconds to run through several thousand different possible passwords, and your account can be cracked open as easy as anything. This also applies to other popular and predictable combinations, like typing “leet” versions of words by switching the letters and numbers around, or using phrases such as “123456”, “password” or the entire top row of your keyboard.

Not much better is when you use words that, while might not be particularly well-known, relate to you personally. Having your mother’s maiden name or the name of your first pet might seem like a good idea, but then anyone who knows much about you could easily find it out, and it only takes one person trying it to get into your accounts. Heck, there’s plenty of forum games out there which get you to put together these very things to make your “Film star name”, “Porn star name” and the like. This can also go for using them as answers for your security questions for those times when you forget your passwords, but I’ll come to those later.

Characters

The other more popular method is by trying every possible combination of characters until you encounter one that works. This is known as the “Brute Force” method. Certain websites and programs counter this by blocking a user who enters an incorrect password too many times. For those that don’t have this feature though, your password WILL eventually be cracked, it’s just a matter of time. Thankfully there are ways to extend the time it takes to do so with relatively little effort. The fastest way to do a brute force attack is to assume that a user is only using lower-case characters (a-z), which gives you 26 different possibilities for each character of the password. By putting in just a single capital letter somewhere in your password this increases the number of possibilities for each character to 56. This is because a hacker has no way of knowing what type of characters you’re using within your password, all they know is whether it’s right or wrong. You can further complicate things for them by adding a single number (which increase the number of possibilities to 66) and any special symbol from your keyboard. The keyboard I’m using now has 36 special symbols that I can see, and a bunch more that don’t, but let’s assume 36 for now to keep things simple. That means that by taking a password written in all lower-case letters then using adding just a single upper-case letter along with a number and a symbol any program used will have to run through 102 different combinations for each character. Sure this may not seem like much, being barely 4 times larger than the original 26 different possibilities, but that’s before we take length into account.

Length

When using the Brute Force method to crack passwords there’s no special technique to doing so other than going through every single combination of letters, numbers and symbols, and every additional character you add to that makes it that much more difficult to crack. For every extra character you add to the password you multiply the number of possible combinations by the number of different types of characters you’re using. To keep the maths simple I’m not going to be exact, but as I’m going to fudge the numbers the same way every time you’ll still be able to see the difference. Let’s take the password “asdgsdgd” for instance. It’s an 8 letter password composed entirely of lower case letters. There’s 26 different letters in that set, so there’s 26^8 different possibilities for that type of password (208’827’064’576 or slightly over 208 billion). Sure that might seem a lot already, but let’s try making just a few changes to it. “asdgsD1?” now features lower and upper-case letters, numbers and symbols. This brings the number of possibilities up to 102^8 different possibilities (11’716’593’810’022’656 or 11 quadrillion). By changing just these 3 characters we’ve suddenly made the password roughly 50’000 times harder to crack. There’s no real upper limit on how many characters you can use really, but a lot of websites impose a limit, so you’re best sticking to a reasonably lengthy password without going too overboard, say 16-20 characters or so. What? You can’t memorise a 20 character password like “dobGFd’2fv43t’g34RDx”? Neither can I, which brings me onto the next topic.

Complexity
Having a hard to remember password doesn’t make it hard to crack. When cracking a password the only things that matter are the length of the passwords and what types of characters you’re using. So “gsd5V#3d>s” is about as complex as “”, which is far, far easier to remember. You’ll remember earlier I recommended not using common words that you could find in a dictionary. Well by combining it with a combination of upper-case, lower-case letters numbers AND symbols you can mostly ignore that rule. Better though is to use multiple words that don’t necessarily belong together while at the same time including other characters to separate them. Take “99_Elephants_Hate_Cucumbers” for example. Incredibly simple to remember, nobody would ever randomly guess it, unless it’s a phrase you just happen to have written next to your PC, and it’s long enough that it’s never going to be cracked by a desktop computer during your lifetime. Ultimately the killer here is length, and believe it or not, the password mentioned above is just as complex as using “D0g……………………”. If you have all these things covered already, then there’s only one thing standing between you and a highly secure password.

The weakest link

Let’s say you’ve got a wonderful 50 character password using a variety of different letters, numbers and symbols that can’t be found in a dictionary, doesn’t relate to you personally and you don’t have written down anywhere. This is still only as secure as the place you use it, which as recent hacks have shown are occasionally stored in a plain text format, allowing people to just copy it from the server and simply paste it into the password field of any other website or online service you might use. The key here is to make each password slightly different in a way that’s not particularly obvious, but you can still easily remember.

Let’s take http://www.google.com for example. First decide what the main part of your password will be, such as “!Rabbits_Eat_100_Balloons!” or “8Pineapple//////////////”. Then find a way to incorporate part of the web address in into your password. This could be taking the first and last letters then adding them to the beginning and end of your password, making “g!Rabbits_Eat_100_Balloons!e” or “g8Pineapple//////////////e”. Better yet, be sneaky and add use the key just to the right of where that letter appears on your keyboard so you instead get “h!Rabbits_Eat_100_Balloons!r” or “h8Pineapple//////////////r” which make it even more unpredictable to anyone who manages to get hold of several of your passwords.

Even better is to prefix a certain number of characters to the beginning of your password based on how long the URL is. Maybe take the total number of letters in the title (6 for google in this case) and add that number plus 2 dots to the beginning.

There’s no hard and fast rule for what to do here as if everyone used the same method then it become a recognisable pattern that could be worked into hackers attempts to crack them. The best thing to do is find something that a password and a technique that works for you. And then the most important tip, is not to tell ANYONE your password. Not me, your friends, your parents, that nice man on the internet who needs it so he can give you some uber-cool items in World of Warcraft. Sure you might be able to trust them to not screw you over (except maybe that guy on the web), but if you’re letting other people know your password then it defeats the purpose of having one in the first place. The same goes for downloading and running files and programs from certain disreputable sites and following strange links that appear on Facebook. Sure you might want to really see what that drunk girl did that was so stupid your grandmother just HAD to show you it, but if you get your machine infected then it’s just as bad as sticking your usernames and passwords up on the notice board at university. Nobody’s perfect and everyone gets infected from time to time, just think twice about a link before you click it, even when it’s from a friend who you trust. Many viruses like to spread via Facebook and Instant Messenger programs, so your friend might not even realise they’ve sent it to you.

http://www.codinghorror.com/blog/2007/09/rainbow-hash-cracking.html – This goes into detail on a more advanced form of hacking, using a technique known as hash tables. If you’ve followed the rules I’ve laid out in here you’ll be fine, but it does a grand job of explaining how shorter passwords are even less secure than they may seem.